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1 DEVICE AND METHOD FOR SAFEGUARDING DATA TRANSFERRED BETWEEN MACHINES 

1 OPERATING WITHIN A NETWORK 

2 

3 This invention relates to means for effecting security, 

4 and in particular to means for safeguarding data 

5 transferred between machines operating within a network 

6 environment . 
7 

8 It is recognised that there are numerous situations 

9 where although encryption of data prior to its saving 

10 in a machine is inappropriate, it is nonetheless 

11 desirable that the data is not easily accessible. 

12 However when data is transferred between machines 

13 within a network there is always the possibility that 

14 the data could be picked up from the network link or 

15 from a receiving machine. 
16 

17 A practical example would be the printing of a 

18 confidential document. If the document is sent from a 

19 computer to a printer both of which are networked, 

20 there is the possibility that access to the document or 

21 a portion thereof may be gained from the network link 

22 or the printer server, or from a hard copy when the 

23 report has printed. 
24 

25 According to the present invention there is provided 
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1 means to safeguard data transferred within a network 

2 from data transmitting means to data receiving means 

3 comprising: 

4 data transmitting means; 

5 encoding means associated with said data transmitting 

6 means ; 

7 data receiving means; 

8 decoding means associated with said data receiving 

9 means ; and 

10 enabling means for the decoding means to allow the data 

11 receiving means to utilize transferred data. 
12 

13 Preferably said encoding means includes software which 

14 encodes data prior to its transfer from the data 

15 transmitting means. 
16 

17 Additionally or alternatively said encoding means may 

18 include hardware which encodes data prior to its 

19 transfer from the data transmitting means. 
20 

21 Preferably the encoding means includes software which 

22 generates the enabling means. 
23 

24 Additionally or alternatively the encoding means may 

25 include hardware which generates the enabling means. 
26 

27 Preferably the enabling means is job specific. 
28 

29 Preferably the enabling means is an access code. 
30 

31 Preferably the decoding means is adapted for attachment 

32 to the data receiving means. Alternatively the 

33 decoding means may be remote from the data receiving 

34 means- Alternatively the decoding means may be 

35 integrated in the data receiving means. 
36 
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1 Preferably the decoding means is a hardware device. 
2 

3 Preferably the decoding means includes means for input 

4 of the enabling means. 
5 

6 Preferably the means for input of the enabling means is 

7 a data entry device. More preferably the data entry 

8 device is a keypad or a swipe. 
9 

10 Preferably said means to safeguard data denies access 

11 to transferred data unless the decoding means is 

12 enabled by the enabling means within a specified time 

13 period from generation of the enabling means. 
14 

15 Preferably said means to safeguard data denies access 

16 to transferred data if more than one unsuccessful 

17 attempt is made to enable the decoding means. 
18 

19 Preferably the data transmitting means is a computer. 
20 

21 Preferably the data receiving means is a printer. 
22 

23 Alternatively the data receiving means may be a 

24 computer. 
25 

26 Alternatively the data receiving means may be a 

27 facsimile machine. 
28 

29 Further according to the present invention there is 

30 provided a method of safeguarding data transferred 

31 within a network from a computer to a printer , 

32 comprising the steps of: 

33 providing encoding means in the computer and decoding 

34 means for the printer; 

35 encoding the data and generating an access code in the 

36 computer; 



WO 98/07254 £ 41 PCT/GB97/02142 

4 

1 sending encoded data to the printer; and 

2 applying the access code to the decoding means to 

3 enable the decoding means and permit printing of the 

4 data . 
5 

6 Preferably the method is applied to an existing 

7 network . 
8 

9 Preferably the method is applied to the Internet. 
10 

11 Embodiments of the present invention will now be 

12 described by way of example only. 
13 

14 A computer network comprises several client sharing 

15 computers and one or several standard laser printer 

16 facilities connected to a server. Data is generated 

17 and saved on the computer prior to the generation of a 

18 physical report. 
19 

20 To generate a report, data is sent to a printer either 

21 directly or through a printer server. When a computer 

22 user instructs the printing of particular data, 

23 encoding means in the form of software encodes the 

24 data. This software, which may be included in the 

25 printer driver software, intercepts unencoded output 

26 from a printer driver and encodes the information 

27 before sending it to the printer server. In addition, 

28 the software generates and displays enabling means for 

29 each print job in the form of a job specific access 

30 code. Thus the codes generated by the encoder software 

31 form part of an encryption algorithm used in the coding 

32 and decoding processes. 
33 

34 The data is sent over the network in the encoded form. 

35 This ensures that any data picked up from the network 

36 link, arriving at other than its designated address, or 
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1 stored on the printer server, is incomprehensible. 
2 

3 Decoding means controls the flow of data. The decoding 

4 means incorporates a keypad and prevents decoding of 

5 any data received by the decoding means unless the 

6 correct code is entered in the keypad. A standard 

7 laser printer has a port to accommodate memory and/or 

8 font cartridges. Decoding means in the form of a 

9 cartridge with the facility to register a code is 
10 plugged into this port. 

11 

12 Alternatively discrete decoding means is inserted 

13 between the computer or printer server and the printer. 

14 This discrete decoding means may take the form of a box 

15 including electronics, connectors and power switches. 

16 Alternatively the electronics are incorporated on a 

17 single chip and included in a printer cable - that is, 

18 the decoding means is integrated in the printer cable. 

19 The above options allow for the adaption of an existing 

20 printer. The decoding means can be integrated in new 

2 1 printers . 
22 

23 The decoding means comprises a microcontroller or 

24 microprocessor or other programmable device which 

25 controls the flow of data in both encrypted and non- 
26 encrypted format between the computer and the printer. 

27 The decoding means further includes ancillary 

28 electronics. These ancillary electronics include 

29 voltage stabilisation circuitry and buffering between 

30 the decoding means and the computer and printer. 

31 External features include an LCD display, a code input 

32 device such as a keypad, connectors and power switches. 

33 The processor controls the display output and the 

34 keypad input, when it is necessary to enter the code. 

35 When the correct code has been entered, the controller 

36 also performs the decryption of the incoming data. 
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1 An intelligible output is obtainable only when the 

2 correct code is entered in the decoding means. The 

3 code is job specific and the decoding means can be 

4 programmed to delete a print job, or store it 

5 temporarily, or return it to the print server, unless 

6 the correct job code is entered within a specified time 

7 period from the print job being sent to the printer 

8 from the print server, or if the wrong code is entered 

9 more than once. 
10 

11 The advantages of this invention include its 

12 simplicity. Its inclusion in an existing network 

13 environment requires minimal adaptation of that 

14 network. In essence all that is required is a code- 

15 operated cartridge adapted for attachment to existing 

16 printers or a stand alone box, and suitable software. 
17 

18 The software can be part of a printer driver or an 

19 addition to the printer driver. When the printer 

20 driver has coded the job for a specific printer, the 

21 encryption driver intercepts this information before 

22 sending it to the printer. The software algorithm is 

23 platform and network independent, and runs on a variety 

24 of platforms such as Windows™ or OS/2™, and networks 

25 such as Novell™. 
26 

27 Since the information is sent to the printer in encoded 

28 format it cannot be picked up from the network link in 

29 intelligible form. Information stored on the printer 

30 server is encoded and lost printouts are 

31 incomprehensible. Thus confidential reports or the 

32 like sent to a network printer from a computer or over 

33 the Internet may be accessed only by the initiator of 

34 the print job or someone authorised by them. 
35 

36 Access may similarly be denied to confidential 
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1 information sent from computer to computer or computer 

2 to facsimile machine . The invention also facilitates 

3 monitoring and/or restricting use of a printer. 
4 

5 Modifications and improvements may be made to the above 

6 without departing from the scope of the invention. 
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1 CLAIMS 
2 

3 l. Means to safeguard data transferred within a 

4 network from data transmitting means to data 

5 receiving means comprising: 

6 data transmitting means; 

7 encoding means associated with said data 

8 transmitting means; 

9 data receiving means; 

10 decoding means associated with said data receiving 

11 means; and 

12 enabling means for the decoding means to allow the 

13 data receiving means to utilize transferred data. 
14 

15 2. Means to safeguard data as claimed in Claim 1 

16 wherein the encoding means includes software which 

17 encodes data prior to its transfer from the data 

18 transmitting means. 
19 

20 3. Means to safeguard data as claimed in any 

21 preceding claim wherein the encoding means 

22 includes hardware which encodes data prior to its 

23 transfer from the data transmitting means. 
24 

25 4. Means to safeguard data as claimed in any 

26 preceding claim wherein the encoding means 

27 includes software which generates the enabling 

28 means. 
29 

30 5. Means to safeguard data as claimed in any 

31 preceding claim wherein the encoding means 

32 includes hardware which generates the enabling 

33 means. 
34 

35 6. Means to safeguard data as claimed in any 

36 preceding claim wherein the enabling means is job 
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1 specific. 
2 

3 7. Means to safeguard data as claimed in any 

4 preceding claim wherein the enabling means is an 

5 access code. 
6 

7 8. Means to safeguard data as claimed in any 

8 preceding claim wherein the decoding means is 

9 adapted for attachment to the data receiving 
10 means . 

11 

12 9. Means to safeguard data as claimed in any 

13 preceding claim wherein the decoding means is 

14 remote from the data receiving means. 
15 

16 10. Means to safeguard data as claimed in any 

17 preceding claim wherein the decoding means is 

18 integrated in the data receiving means. 
19 

20 11. Means to safeguard data as claimed in any 

21 preceding claim wherein the decoding means is a 

22 hardware device. 
23 

24 12. Means to safeguard data as claimed in any 

25 preceding claim wherein the decoding means 

26 includes means for input of the enabling means. 
27 

28 13. Means to safeguard data as claimed in Claim 12 

29 wherein the means for input of the enabling means 

30 is a data entry device. 
31 

32 14. Means to safeguard data as claimed in Claim 13 

33 wherein the data entry device is a keypad or a 

34 swipe. 
35 

36 15. Means to safeguard data as claimed in any 
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1 preceding claim which denies access to transferred 

2 data unless the decoding means is enabled by the 

3 enabling means within a specified time period from 

4 generation of the enabling means. 
5 

6 16. Means to safeguard data as claimed in any 

7 preceding claim which denies access to transferred 

8 data if more than one unsuccessful attempt is made 

9 to enable the decoding means. 
10 

11 17. Means to safeguard data as claimed in any 

12 preceding claim wherein the data transmitting 

13 means is a computer. 
14 

15 18. Means to safeguard data as claimed in any 

16 preceding claim wherein the data receiving 

17 means is a printer. 
18 

19 19 . Means to safeguard data as claimed in Claims 1 to 

20 19 wherein the data receiving means is a computer. 
21 

22 20. Means to safeguard data as claimed in Claims 1 to 

23 19 wherein the data receiving means is a facsimile 

24 machine. 
25 

26 21. A method of safeguarding data transferred 

27 within a network from a computer to a printer 

28 comprising the steps of: 

29 providing encoding means in the computer and 

30 decoding means for the printer; 

31 encoding the data and generating an access code in 

32 the computer? 

33 sending encoded data to the printer; and 

34 applying the access code to the decoding means to 

35 enable the decoding means and permit printing of 

36 the data. 
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1 22. A method of safeguarding data as claimed in Claim 

2 21 applied to an existing network. 
3 

4 23. A method of safeguarding data as claimed in Claim 

5 21 applied to the Internet. 
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